Out of 189 breaches recorded through mid-June, here are the top 15 according to Identity Theft Resource Center.

The Identity Theft Resource Center tracks data-breach incidents and the number of exposed records related to payment cards, customer, university or patient data when that’s known. Here are the Top 15 Worst so far for 2012 based on number of exposed records — and the year’s only half over.

No. of records exposed: 800,000 adults and children on four computer storage devices lost by IBM and Iron Mountain, believed lost in transit between Boulder and Sacramento because of falling out of an unsecured container FedEx was transporting.

No. of records exposed: 780,000 patient files related to Medicaid claims stolen from a server by hackers believed to be operating out of Eastern Europe, Utah’s DTS disclosed in April. In May, Utah CIO Steven Fletcher resigned due to it.

In-Home Support Services, state of California Dept. of Social Services

No. of records exposed: Personal information on 701,000 individuals receiving home care, which was in unencrypted microfiche form mailed by a HP processing facility to the State Compensation Insurance Fund, but the package was damaged in transit in May and some information found missing.

No. of records exposed: A data breach of 654,000 files of personal data related to students, alumni, parents and university employees from the Nebraska Student Information Systems database; a student is the suspected culprit.

No. of records exposed: In May, the university says 350,000 files of personal data, including account and Social Security information, related to students and faculty was “accidentally made available for three months.”

No. of records exposed: Data related to 315,000 patients, including Social Security numbers, had been stored on 10 computer disks but went missing from a storage facility; a class-action lawsuit underway could cost the hospital $200 milion.

No. of records exposed: In April, the agency disclosed a major data breach of 228,435 Medicaid beneficiaries. A former employee for the South Carolina agency has been arrested for transferring this information via e-mail.

No. of records exposed: In May, a computer attack against TSP contractor Serco resulted in a breach of information on 123,000 federal employees, the $313 billion TSP disclosed—10 months after it happened.

No. of records exposed: In May, personal information on 100,000 childcare workers statewide because of suspected data breach associated with contractor for the state storing the information online without password protection.

No. of records: Names, social security numbers, and other personal data belonging to about 110,000 people by hackers calling themselves Spex Security that broke into the school records system in mid-June, with some information on employees and students posted online.